IRS hack was worse than initially thought

IRS hack was worse than initially thought

Share

The taxpayer information breach at the IRS was much larger than initially reported in May, according to a report in the Wall Street Journal.

An additional 220,000 taxpayers had their information accessed via the IRS’ “Get Transcript” application, including Social Security numbers, dates of birth, tax filing statuses and street addresses. This is on top of the 100,000 accounts initially reported in May, tripling the grand total to 320,000.

The hack also started sooner than originally thought, with thieves attempting to access taxpayer data as early as November 2014. Originally, the IRS said hackers started entering the system in February.

In May, IRS Commissioner John Koskinen said a lot of the data that was used to bypass the “Get Transcript” process was already available through social media accounts, which criminals mine for information they can use for their operations. The criminals keep that information in databases and run scripts that will fill in fields until they match a correct answer for security questions, such as a high school mascot or a pet’s name.

The agency said it is notifying the newly uncovered victims, offering them free credit monitoring services.

The lack of cybersecurity resources at the IRS has the attention of the White House. In an updated fact sheet released last week, the White House’s Office of Management and Budget is looking to give the IRS $242 million to protect taxpayer information, a 72 percent increase over 2015. That number pales in comparison to the $5 billion the IRS loses to identity fraud via fraudulent tax returns.